Saturday, December 27, 2014
Will Wordpress soon enforce https for content? Also, ransomware masking as emails from FedEx
Electronic Frontier Foundation has a summary of the initiative for worldwide encryption of all web traffic, article here by Bill Budington, link.
Of particular interest is an announcement by Automattic that it would be serving all pages in https for its subdomains in Wordpress by the end of 2014 (or is that 2015)?
I have not seen this happen yet on either of my two Bluehost domains, and I haven’t gotten any emails or notifications about it or seen it on the dashboard. I’ve tried them with https and get an invalid security certificate.
Should ordinary web content, not requiring logon and not involving collecting data of users, be encrypted? Maybe, especially if you have a lot of visits from authoritarian countries (and it seems like I do).
In another warning (from AOL), there is a phishing attack of emails designed to look like FedEx shipments (probably UPS, too). If you click on the link, your computer freezes and you’re greeted with ransomware.
Indeed, a properly working anti-virus program should warn you not to go to the site, or stop any such script from running. But why hasn’t Microsoft fixed any vulnerability that allows such a website to upload and execute such a script at all? This shouldn’t be possible.
Maybe CERT will have an advisory soon. Sounds like we need another W7 or W8 update right away.